利用逆向工程方法对WSN应用进行物联网安全攻击

2016 IEEE 3rd World Forum on Internet of Things (WF-IoT) Pub Date : 2016-12-01 DOI:10.1109/WF-IoT.2016.7845429

Mauricio Tellez, Samy El-Tawab, M. Heydari

{"title":"利用逆向工程方法对WSN应用进行物联网安全攻击","authors":"Mauricio Tellez, Samy El-Tawab, M. Heydari","doi":"10.1109/WF-IoT.2016.7845429","DOIUrl":null,"url":null,"abstract":"With the rapid technological advancements of sensors, Wireless Sensor Networks (WSNs) have become a popular technology for the Internet of Things (IoT). We investigated the security of WSNs in an environmental monitoring application with the goal to demonstrate the overall security. We implemented a Secure Temperature Monitoring System (STMS), which served as our WSN application. Our results revealed a security flaw found in the bootstrap loader (BSL) password used to protect MSP430 micro-controller units (MCUs). We demonstrated how the BSL password could be brute forced in a matter of days. Furthermore, we illustrate how an attacker can reverse engineer WSN applications to obtain critical security information such as encryption keys. We contribute a solution to patch the weak BSL password security flaw and improve the security of MSP430 MCU chips. The Secure-BSL patch we contribute allows the randomization of the BSL password. Our solution increases the brute force time to decades. The impractical brute force time enhances the security of the MSP430 and prevents future reverse engineering tactics. Our research serves as proof that the security of WSNs and the overall IoT technology is broken if we cannot protect these everyday objects at the physical layer.","PeriodicalId":373932,"journal":{"name":"2016 IEEE 3rd World Forum on Internet of Things (WF-IoT)","volume":"168 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":"{\"title\":\"IoT security attacks using reverse engineering methods on WSN applications\",\"authors\":\"Mauricio Tellez, Samy El-Tawab, M. Heydari\",\"doi\":\"10.1109/WF-IoT.2016.7845429\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With the rapid technological advancements of sensors, Wireless Sensor Networks (WSNs) have become a popular technology for the Internet of Things (IoT). We investigated the security of WSNs in an environmental monitoring application with the goal to demonstrate the overall security. We implemented a Secure Temperature Monitoring System (STMS), which served as our WSN application. Our results revealed a security flaw found in the bootstrap loader (BSL) password used to protect MSP430 micro-controller units (MCUs). We demonstrated how the BSL password could be brute forced in a matter of days. Furthermore, we illustrate how an attacker can reverse engineer WSN applications to obtain critical security information such as encryption keys. We contribute a solution to patch the weak BSL password security flaw and improve the security of MSP430 MCU chips. The Secure-BSL patch we contribute allows the randomization of the BSL password. Our solution increases the brute force time to decades. The impractical brute force time enhances the security of the MSP430 and prevents future reverse engineering tactics. Our research serves as proof that the security of WSNs and the overall IoT technology is broken if we cannot protect these everyday objects at the physical layer.\",\"PeriodicalId\":373932,\"journal\":{\"name\":\"2016 IEEE 3rd World Forum on Internet of Things (WF-IoT)\",\"volume\":\"168 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"26\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE 3rd World Forum on Internet of Things (WF-IoT)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WF-IoT.2016.7845429\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE 3rd World Forum on Internet of Things (WF-IoT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WF-IoT.2016.7845429","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 26

摘要

随着传感器技术的快速发展，无线传感器网络(WSNs)已成为物联网(IoT)的热门技术。我们研究了无线传感器网络在环境监测应用中的安全性，目的是展示整体安全性。我们实现了一个安全温度监测系统(STMS)，作为我们的WSN应用程序。我们的研究结果揭示了用于保护MSP430微控制器单元(mcu)的引导加载程序(BSL)密码中发现的安全漏洞。我们演示了如何在几天内暴力破解BSL密码。此外，我们还说明了攻击者如何对WSN应用程序进行反向工程，以获取关键的安全信息，如加密密钥。针对BSL密码薄弱的安全漏洞，提出了一种解决方案，提高了MSP430单片机芯片的安全性。我们提供的Secure-BSL补丁允许BSL密码的随机化。我们的解决方案将暴力破解的时间增加到几十年。不切实际的暴力破解时间提高了MSP430的安全性，防止了未来的逆向工程策略。我们的研究证明，如果我们不能在物理层保护这些日常对象，wsn和整个物联网技术的安全性就会被破坏。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

IoT security attacks using reverse engineering methods on WSN applications

With the rapid technological advancements of sensors, Wireless Sensor Networks (WSNs) have become a popular technology for the Internet of Things (IoT). We investigated the security of WSNs in an environmental monitoring application with the goal to demonstrate the overall security. We implemented a Secure Temperature Monitoring System (STMS), which served as our WSN application. Our results revealed a security flaw found in the bootstrap loader (BSL) password used to protect MSP430 micro-controller units (MCUs). We demonstrated how the BSL password could be brute forced in a matter of days. Furthermore, we illustrate how an attacker can reverse engineer WSN applications to obtain critical security information such as encryption keys. We contribute a solution to patch the weak BSL password security flaw and improve the security of MSP430 MCU chips. The Secure-BSL patch we contribute allows the randomization of the BSL password. Our solution increases the brute force time to decades. The impractical brute force time enhances the security of the MSP430 and prevents future reverse engineering tactics. Our research serves as proof that the security of WSNs and the overall IoT technology is broken if we cannot protect these everyday objects at the physical layer.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 IEEE 3rd World Forum on Internet of Things (WF-IoT)

自引率

0.00%

发文量